Now Available! NIST Cybersecurity White Paper: Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration

The National Cybersecurity Center of Excellence (NCCoE) has published the final version of NIST Cybersecurity White Paper (CSWP) 34, Mitigating Cybersecurity and Privacy Risks in Telehealth Smart Home Integration. 

About the White Paper

Hospital-at-Home (HaH) is a form of telehealth where patients receive clinical care and monitoring from their homes. By integrating information systems outside the hospital’s direct control, HaH introduces privacy and cybersecurity risks. For example, HaH programs sometimes use consumer-grade Internet of Things (IoT) devices in their homes, such as voice assistants (e.g., smart speakers), as part of a broader “smart home” ecosystem.

NIST’s newly finalized cybersecurity white paper introduces a notional, high-level smart home integration reference architecture to better understand and address these risks. Building on NIST’s prior work in telehealth security, the white paper examines privacy and cybersecurity risks associated with HaH deployments in the context of an integrated smart home environment, focusing on voice assistants as a representative IoT device. The guidelines draw upon several other NIST publications including the NIST Cybersecurity Framework (CSF 2.0), the NIST Privacy Framework (PF 1.0) and NIST Internal Report 8425, Profile of the IoT Core Baseline for Consumer IoT Products. The guidelines summarize the mitigation recommendations and map them to relevant sections of these three publications for reference.